From 78fb2d9a429de070b0d7c9c57710cffa52c4b52b Mon Sep 17 00:00:00 2001
From: toyoshim <toyoshim@chromium.org>
Date: Thu, 2 Apr 2015 13:27:31 -0700
Subject: [PATCH] Web MIDI: allow http://localhost to prompt sysex permission

Allow to obtain a sysex permission for localhost even if the scheme is
non-secure. This is inteded for to use for testing.

TEST=manual check with http://localhost:xxx and http://127.0.0.1:xxx
BUG=470170

Review URL: https://codereview.chromium.org/1050063002

Cr-Commit-Position: refs/heads/master@{#323555}
---
 chrome/browser/content_settings/permission_context_base.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/chrome/browser/content_settings/permission_context_base.cc b/chrome/browser/content_settings/permission_context_base.cc
index 6ce8d1295309..a011d568d476 100644
--- a/chrome/browser/content_settings/permission_context_base.cc
+++ b/chrome/browser/content_settings/permission_context_base.cc
@@ -17,6 +17,7 @@
 #include "components/content_settings/core/common/permission_request_id.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/web_contents.h"
+#include "net/base/net_util.h"
 
 PermissionContextBase::PermissionContextBase(
     Profile* profile,
@@ -106,8 +107,10 @@ void PermissionContextBase::DecidePermission(
 
   // The Web MIDI API is not available for origin with non secure schemes.
   // Access to the MIDI API is blocked.
+  // TODO(crbug.com/362214): Use a standard way to check the secure origin.
   if (permission_type_ == CONTENT_SETTINGS_TYPE_MIDI_SYSEX &&
-      !requesting_origin.SchemeIsSecure()) {
+      !requesting_origin.SchemeIsSecure() &&
+      !net::IsLocalhost(requesting_origin.host())) {
     NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
                         false /* persist */, CONTENT_SETTING_BLOCK);
     return;
-- 
2.11.4.GIT